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DETAILED ACTION 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made, 

2. Claims 1-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cook et al. (US 
Patent No. 6,675,153 Bl) in view of Yacobi et al. (US Patent No. 7,020,638 Bl). 

3. Referring to claim 1 . Cook et al. disclose a digest by performing a hash on the electronic 
fund transfer disbursement file (col. 1, lines 24-41); 

• Receiving an authorization response from the remote system (col. 2, lines 39-55); 

• A web server system for transferring authorization control code to the remote system, the 
authorization control code driving the remote system to perform the following steps (Fig. 4). In 
the fig. 4 shows the web server, which is well known to do this kind of operations. 

• Obtaining the digital signature of authenticated attributes, the authenticated attributes 
including the digest (col. 2, lines 38-52); 

• And generating the authorization response, the authorization response including the digital 
signature (col. 2, lines 38-52). 

Cook et al. does not expressly disclose a payment management system for obtaining approval 
of an electronic fund transfer disbursement file from a user of a remote system and transferring 
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the electronic fund transfer disbursement file to a payments processor, the payment management 
system comprising: an electronic transfer submission module for; transferring an electronic funds 
submission to the payments processor, the electronic funds submission comprising the payment 
transaction file and at least a portion of the authorization response comprising a digital signature; 

Yacobi et al. discloses a payment management system for obtaining approval of an electronic 
fimd transfer disbursement file from a user of a remote system and transferring the electronic 
fund transfer disbursement file to a payments processor, the payment management system 
comprising (col. 1, 5, lines 24-44, 50-57): 

• An electronic transfer submission module for (col. 5, line 50-57): 

• Transferring an electronic funds submission to the payments processor, the electronic 
funds submission comprising the payment transaction file and at least a portion of the 
authorization response comprising a digital signature (col. 16, 18, lines 8 — 14, 54-67); 

Therefore, at the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to have modified of Cook et al. to include the step(s) taught by Yacobi et 
al. as discussed above in order to provide a real-time software application is provided that allows 
consumers to authorize transaction in a secure, private, and convenient manner for the purchase 
of goods and services over the internet (col. 1, lines 52-56). 

4. Referring to claim 2 . Cook et al. discloses the digital signature comprises a digital signature 
of a hash of the authenticated attributes (col. 1, lines 24-41). 

• The authorization control code further provides for the remote system to, generate 
additional message attributes (col. 1, lines 24-41). 
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• Combine the additional message attributes with the digest to generate the authenticated 
attributes (col. 1, lines 24-41); 

5. Referring to claim 3 . Cook et al. discloses the authorization control code further drives the 
remote system to (col. 1, lines 14-49): 

• Generate and pass a dummy data string to a signing component to obtain a dummy 
authentication data structure, the dummy authentication data structure comprising a dummy 
digital signature (col. 1, lines 14-49); 

• Pass the authenticated attributes to the signing component to obtain the digital signature 
(col. 1, lines 14-49); 

• Combine the digital signature with at least a portion of the dunrniy authentication data 
structure by replacing the dummy digital signature with the digital signature to generate an 
authentication data structure (coL 1, lines 14-49); 

• And include the authentication data structure in the authorization response (col. 1, lines 
14-49). 

6. Referring to claim 4 . Cook et al. discloses the dummy data structure further comprises a 
dummy digest (col. 1, lines 14-49); 

• The authorization control code further drives the remote system to combine the 

digest with the dunmiy authentication data structure to generate the authentication data structure 
by replacing the dummy digest with the digest (col. 1, lines 14-49). 

7. Referring to claim 5 . Cook et al. discloses a log on module for authenticating the user of the 
remote system by (col. 1, lines 14-49): 
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• Obtaining log on credentials identifying the user of the remote system; detemiining 
whether the log on credentials match those of an authorized user (col. 1, lines 14-49); 

• The electronic fund transfer submission module transfers the authorization request to the 
remote system only if the log on credentials match those of an authorized user (col. 1, lines 14- 
49). 

8. Referring to claim 6 . Cook et al. discloses the electronic fund transfer submission module 
further authenticates the user of the remote system to the payments processor by (col. 1, lines 14- 
49): 

• Receiving an authentication challenge from the payments processor (col. 1, Hues 14-49); 

• Transferring the authentication challenge to the remote system (col. 1, lines 14-49); 

• Receiving an authentication response from the remote system; and transferring the 
authentication response to the payments processor (col. 1, lines 14-49). 

9. Referring to claim 7 . Cook et al. discloses an payment management system for obtaining an 
approval of an electronic fimd transfer disbursement file from a user of a remote system and 
transferring the electronic fund transfer disbursement file to a payments processor, the payment 
management system comprising (col. 1, 2, lines 14-49, 39-55): 

• Means for generating a digest by performing a hash on the electronic fund transfer 
disbursement file (col. 1, 2, lines 14-49, 39-55); 

• Means for transferring the digest to the remote system (col. 1, 2, lines 14-49, 39-55); 

• Means for receiving an authorization response from the remote system, the authorization 
response comprising a digital signature of authenticated attributes, the authenticated attributes 
comprising the digest (col. 1, 2, lines 14-49, 39-55); 
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Cook et aL does not expressly disclose means for transferring an electronic funds submission 
to the payments processor over a secure connection, the electronic funds submission comprising 
the payment transaction file and at least a portion of the authorization response comprising the 
digital signature. 

Yacobi et al. discloses means for transferring an electronic funds submission to the payments 
processor over a secure cormection, the electronic funds submission comprising the payment 
transaction file and at least a portion of the authorization response comprising the digital 
signature (col. 3, lines 57-64). 

Therefore, at the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to have modified of Cook et al. to include the step(s) taught by Yacobi et 
al. as discussed above in order to provide a real-time software application is provided that allows 
consumers to authorize transaction in a secure, private, and convenient manner for the purchase 
of goods and services over the intemet (col. 1, lines 52-56). 

10. Referring to claim 8 . Cook et al. disclose the remote system comprises means for: generating 
additional message attributes (col. 2, lines 38-65); 

• Combining the additional message attributes with the digest to generate the authenticated 
attributes (col. 2, lines 38-65); 

• The digital signature comprises a digital signature of a hash of the authenticated attributes 
(col. 2, lines 38-65). 

1 1 . Referring to claim 9 . Cook et al. discloses the remote system further comprises means for 
(col. 1, lines 14-49): 
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• Generating and passing a dummy data file to a signing component to obtain a dummy 
authentication data structure, the dummy authentication data structure comprising a dummy 
digital signature (col. 1, lines 14-49); 

• Passing the authenticated attributes to the signing component to obtain the digital 
signature (col. 1, lines 14-49); 

• Combining the digital signature with at least a portion of the dununy authentication data 
structure by replacing the dummy digital signature with the digital signature to generate an 
authentication data structure (col. 1, lines 14-49); 

• Including the authentication data structure in the authorization response (col. 1, lines 14- 
49). 

12. Referring to claim 10 . Cook et al. discloses the dummy data structure further comprises a 
dummy digest (col. 1, lines 14-49); 

• The remote system further combines the digest with the dummy authentication 

data structure to generate the authentication data structure by replacing the dummy digest with 
the digest (col. 1, lines 14-49). 

13. Referring to claim 11 . Cook et al. discloses the payment management system of claim 10, 
further comprising means for authenticating the user of the remote system by (col. 1, lines 14- 
49): 

• Obtaining log on credentials identifying the user of the remote system; determining 
whether the log on credentials match those of an authorized user (col. 1, lines 14-49); 

• Transferring the authorization request to the remote system occurs only if the log on 
credentials match those of an authorized user (col. 1, lines 14-49). 
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14. Referring to claim 12 . Cook et al. discloses means for authenticating the user of the remote 
system to the payments processor by (col. 1, lines 14-49): 

• Receiving an authentication challenge from the payments processor; transferring the 
authentication challenge to the remote system (col. 1, lines 14-49); 

• Receiving an authentication response from the remote system; and transferring the 
authentication response to the payments processor (col. 1, lines 14-49). 

15. Referring to claim 13 . Cook et al. discloses a web server for passing authorization control 
code to the remote system, the authorization control code being at least one of executable by the 
remote system and interpretable by the remote system for driving the remote system to (col. 1, 
lines 24-41): 

• Generate additional message attributes (col, 1, lines 24-41); 

• Combine the additional message attributes with the digest to generate the authenticated 
attributes (col. 1, lines 24-41); 

• The digital signature comprises a digital signature of a hash of the authenticated attributes 
(col. 1, lines 24-41). 

16. Referring to claim 14 . Cook et al. discloses the authorization control code further drives the 
remote system to (col. 1, lines 14-49): 

• Generate and pass a dummy data file to a signing component to obtain a dxmmiy 
authentication data structure, the dummy authentication data structure comprising a dummy 
digital signature (col. 1, lines 14-49); 

• Pass the authenticated attributes to the signing component to obtain the digital signature 
(col. 1, lines 14-49); 
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• Combine the digital signature with at least a portion of the dummy authentication data 
structure by replacing the dummy digital signature with the digital signature to generate an 
authentication data structure (coL 1, lines 14-49); 

• Include the authentication data structure in the authorization response (col. 1, lines 14-49). 

17. Referring to claim 15 . Cook et al. discloses the dummy data structure further comprises a 
dummy digest (col. 1, lines 14-49); 

• The authorization control code further drives the remote system to combine the digest 
with the dummy authentication data structure to generate the authentication data structure by 
replacing the dummy digest with the digest (col. 1, lines 14-49). 

1 8. Referring to claim 16 . Cook et al. discloses means for authenticating the user of the remote 
system by (col. 1, lines 14-49): 

• Obtaining log on credentials identifying the user of the remote system (col. 1, lines 14- 
49); 

• Determining whether the log on credentials match those of an authorized user (col. 1, 
lines 14-49); 

• Transferring the authorization request to the remote system occurs only if the log on 
credentials match those of an authorized user (col. 1, lines 14-49). 

19. Referring to claim 17 . Cook et al. discloses for authenticating the user of the remote system 
to the payments processor by (col. 1, lines 14-49): 

• Transferring the authentication response to the payments processor (col. 1, hues 14-49). 
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Cook et al. does not expressly disclose receiving an authentication challenge from the 
payments processor; transferring the authentication challenge to the remote system; receiving an 
authentication response from the remote system. 

Yacobi et al. discloses receiving an authentication challenge from the payments processor 
(col. 1,5, lines 24-44, 50-57); 

• Transferring the authentication challenge to the remote system; receiving an 
authentication response from the remote system (col. 1, 5, lines 24-44, 50-57). 

Therefore, at the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to have modified of Cook et al. to include the step(s) taught by Yacobi et 
al. as discussed above in order to provide a real-time software application is provided that allows 
consumers to authorize transaction in a secure, private, and convenient manner for the purchase 
of goods and services over the internet (col. 1, lines 52-56). 

Conclusion 

20. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Any inquiry concerning this communication or earlier communications from the patent 
examiner should be directed to Shahid Kamal whose telephone number is (571) 270-3272. The 
Patent examiner can normally be reached on Monday-Thursday (9:00am -7:00pm), Friday off 

If attempts to reach the examiner by telephone are unsuccessftil, the examiner's supervisor, 
Khoi Tran can be reached on (571) 272-6919. The fax phone number for this origination where 
this application or proceeding is assigned is (571) 273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published application 
may be obtained from either Private PAIR or Public PAIR. 

Statues information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http ://pair-directed.uspto . gov . 

Should you have any questions on accessing to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 1(866) 217-9197 (toll free). If you would like assistance 
from a USPTO Customer Service Representative or access to the automated information system, 
call 1(800) 786-9199 (IN USA OR CANADA) or 1(571) 272-1000. 



Shahid Kamal 
July 10, 2007 



